How do I get SonicWall syslog logs into Graylog? What configuration needs to be done in Graylog and SonicWall?
Hey @adiya_v
This explains how to configure SonicWall here
I would suggest using a port above 1024.
Next, create an input on Graylog, shown here, that matches the same port from SonicWall.
From the documentation I just read about SonicWall, it uses Syslog. I would create that type of input and match the ports between the two devices.
Hope that helps.
I have created a Syslog TCP input in Graylog, specifying port 5516, and done the following configuration in SonicWall:
Configuration for Sonicwall firewall:
Navigate to Manage | Log Settings | SYSLOG.
Under Syslog tab, Click on the Add button.
Select the Name or IP address of the Syslog server from the dropdown.
-set server fxyz.abc.com # this is the FQDN of our firewall
-set port 5516
Select syslog format as “Enhanced”
Click OK
But still I am not getting any logs.
On Graylog, perhaps execute a tcpdump.
Running tcpdump -i ens189 port 5516 is giving me results.
Can anyone help with this issue?
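An added example, not posted by anyone in the thread: the tcpdump filter `port 5516` matches both TCP and UDP, so this Python sketch sends one test line over each transport to help check which one the Graylog input actually accepts. The function names and the sample line (including its field values) are constructed for illustration, and TCP framing is assumed to be newline-delimited.

```python
import socket
import sys

# Constructed sample in a key=value style; every value here is made up.
SAMPLE = ('<134>id=firewall sn=000000000000 time="2024-01-01 00:00:00" '
          'fw=192.0.2.1 pri=6 c=0 m=0 msg="graylog input test"')

def parse_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if malformed."""
    end = line.find(">")
    if not line.startswith("<") or not 2 <= end <= 4 or not line[1:end].isdecimal():
        return None
    pri = int(line[1:end])
    return (pri >> 3, pri & 7) if pri <= 191 else None

def send_test(host, port, transport, line=SAMPLE, timeout=3.0):
    """Send one test line. True means the TCP connect succeeded or the UDP
    datagram was handed to the stack (UDP gives no delivery confirmation)."""
    if transport not in ("tcp", "udp"):
        raise ValueError("transport must be 'tcp' or 'udp'")
    data = line.encode("utf-8")
    try:
        if transport == "tcp":
            with socket.create_connection((host, port), timeout=timeout) as s:
                # Assumption: the input uses newline framing, not a null-byte delimiter.
                s.sendall(data + b"\n")
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.sendto(data, (host, port))
    except OSError:
        # Refused, timed out or unreachable: nothing is listening for this transport.
        return False
    return True

if __name__ == "__main__":
    # Usage: python3 this_script.py <graylog-host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print("PRI decodes to (facility, severity):", parse_pri(SAMPLE))
    for transport in ("tcp", "udp"):
        print(transport, "sent" if send_test(host, port, transport) else "failed")
```

After running it, search Graylog for "graylog input test"; a message that arrives only from the test sender and not from the firewall points at the firewall side (destination address, port or transport) and not at the input.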


